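# Post-install setup for the HIRS TPM 2.0 provisioner: creates the log and
# certificate directories, links the installed binaries into /usr/sbin,
# writes a template site configuration if none exists, and records the
# locations of the TCG boot artifacts found on this machine.
set -e

# Everything below writes under /etc, /var/log and /usr/sbin.
if [ "$(id -u)" -ne 0 ]; then
  echo "Please run this script as root."
  exit 1
fi

HIRS_SITE_CONFIG="/etc/hirs/hirs-site.config"

mkdir -p /var/log/hirs/provisioner
# NOTE(review): this directory is created with the installer's umask. If
# private key material is ever stored here, set an explicit restrictive mode
# -- confirm against what the provisioner writes.
mkdir -p /etc/hirs/provisioner/certs

# Expose the binaries installed under /usr/local/bin on root's default PATH.
ln -s -f /usr/local/bin/hirs-provisioner-tpm2 /usr/sbin/hirs-provisioner-tpm2
ln -s -f /usr/local/bin/tpm_aca_provision /usr/sbin/tpm_aca_provision
ln -s -f /usr/local/bin/tpm_version /usr/sbin/tpm_version

if [ ! -f "$HIRS_SITE_CONFIG" ]; then
  # Create template site config if it does not exist.
  # The heredoc delimiter is unquoted on purpose: $(hostname -f) is expanded
  # now, so the template carries this machine's FQDN. The remaining values
  # are left for the administrator to fill in.
  cat <<DEFAULT_SITE_CONFIG_FILE > "$HIRS_SITE_CONFIG"
#*******************************************
#* HIRS site configuration properties file
#*******************************************

# Client configuration
CLIENT_HOSTNAME=$(hostname -f)
TPM_ENABLED=
IMA_ENABLED=

# Site-specific configuration
ATTESTATION_CA_FQDN=
ATTESTATION_CA_PORT=8443
BROKER_FQDN=
BROKER_PORT=61616
PORTAL_FQDN=
PORTAL_PORT=8443

DEFAULT_SITE_CONFIG_FILE

  echo "$HIRS_SITE_CONFIG not found - a template has been created"
  echo "Set your site configuration manually in $HIRS_SITE_CONFIG, then run 'hirs-provisioner-tpm2 provision' to provision this system"
fi

ln -s -f /etc/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner

TCG_BOOT_FILE="/etc/hirs/tcg_boot.properties"
TCG_DIRECTORY="/boot/tcg"
RIM_FILE_LOCATION="$TCG_DIRECTORY/manifest/rim/"
SWIDTAG_FILE_LOCATION="$TCG_DIRECTORY/manifest/swidtag/"
CREDENTIALS_LOCATION="$TCG_DIRECTORY/cert/platform/"
BINARY_BIOS_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"

# Regenerate the properties file from scratch on every run. Truncating only
# when the RIM directory exists would let a re-install append duplicate or
# stale entries to a file left over from an earlier run.
: > "$TCG_BOOT_FILE"

# Record only the artifact locations that are actually present.
if [ -d "$RIM_FILE_LOCATION" ]; then
  printf '%s\n' "tcg.rim.dir=$RIM_FILE_LOCATION" >> "$TCG_BOOT_FILE"
fi

if [ -d "$SWIDTAG_FILE_LOCATION" ]; then
  printf '%s\n' "tcg.swidtag.dir=$SWIDTAG_FILE_LOCATION" >> "$TCG_BOOT_FILE"
fi

if [ -d "$CREDENTIALS_LOCATION" ]; then
  printf '%s\n' "tcg.cert.dir=$CREDENTIALS_LOCATION" >> "$TCG_BOOT_FILE"
fi

if [ -f "$BINARY_BIOS_MEASUREMENTS" ]; then
  printf '%s\n' "tcg.event.file=$BINARY_BIOS_MEASUREMENTS" >> "$TCG_BOOT_FILE"
fi

# Use a-w rather than a bare -w: with no "who", chmod skips the bits named in
# the umask, so a group/other write bit on a pre-existing file could survive
# (and GNU chmod then exits non-zero, which aborts the script under set -e).
# This file tells its reader where the RIMs, platform certificates and the
# boot event log live, so it should not stay writable by anyone.
chmod a-w "$TCG_BOOT_FILE"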